/*
 * Copyright@www.it1997.com.
 * @Author: 陈晓晨
 * @Date: 2020/6/1
 * Description:版权所有 QQ:376231445
 */

package com.it1997.it1997admin.handler;

import com.it1997.it1997admin.pojo.Permission;
import com.it1997.it1997admin.pojo.User;
import lombok.extern.log4j.Log4j2;
import org.springframework.http.HttpRequest;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;

import javax.servlet.http.HttpServletRequest;
import java.util.List;
@Log4j2
@Component("rbacPermission")
public class RbacPermission {
    private AntPathMatcher antPathMatcher=new AntPathMatcher();
    public boolean hasPermission(HttpServletRequest request, Authentication authentication){
        Object principal = authentication.getPrincipal();
        log.info("请求用户："+principal);
        log.info("请求URI:"+request.getRequestURI());
        boolean hasPermission = false;
            if (principal instanceof User) {
                List<Permission> permissionList=((User) principal).getRolePermissions();
                for(Permission permission : permissionList){
                    if(antPathMatcher.match(permission.getHref(),request.getRequestURI())){
                        hasPermission = true;
                    }
        }
     }
            if(!hasPermission){
                log.info("您没有权限访问");
            }
        return hasPermission;
  }
}
